Chip & PIN terminal playing Tetris

Many discussions of the security of Chip & PIN have focused on the tamper resistance of terminals (for example in the aftermath of the Shell Chip & PIN fraud). It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, and so freely collecting card details and PINs.

Steven Murdoch and I took the chassis of a real terminal and replaced much of the internal electronics, so that we control the screen, keypad and card reader. Steven suggested that, to show it is completely under our control, we should make it play Tetris (much as the people who made a voting machine play chess did). We recorded a short video showing our Tetris-playing terminal in action. Have a merry Christmas and happy New Year 🙂

APACS, the payments organisation representing high street banks, said the Cambridge breakthrough could be a threat.

‘People could, in theory, use this to steal account details from cards,’ said Sandra Quinn of APACS. ‘Our experts are in discussion with the manufacturers of terminals to see what can be done. Essentially what these people have done is replace the innards of a chip and Pin machine.

‘However, we would say that this has only been seen in a laboratory so far. People would not be able to create counterfeit chip and Pin cards, but they could use this information abroad to make purchases.’

87 thoughts on “Chip & PIN terminal playing Tetris”

I was under the impression that the requirement was for tamper evidence, not tamper resistance. The particular terminal shown obviously does not meet the requirement. All the king’s soldiers and all the king’s men should not have been able to put it back together again.

The tamper resistance in EMV terminals disables them from communicating, and completing transactions, with the bank.

The tamper resistance does not leave any evidence externally observable to the user, the one that is potentially being defrauded. Even if it did, users are not trained to look for this evidence. The wide range of terminal types, colors, and shapes does not lend the customer any hand in identifying a fake terminal, either.

So, the current tamper resistance does not protect the customer in any way. Our terminal looks exactly the same as it did before we replaced the internal hardware.

The normal way that EMV terminals comply with the tamper-evidence/resistance specification is a simple lid switch. When this is triggered, keys and/or software are wiped. This is detectable by the acquirer (since they share keys with the terminal), but the physical appearance does not change so the customer is none the wiser.

I think this technique does comply with the section of the EMV specification that you quoted. Note it says “cardholder or detected by the merchant or acquirer”. Our tampering would be evident to the acquirer since it could no longer make transactions. As long as one sub-condition is met, the requirement is met.

Making a terminal tamper-evident to the customer is a very hard requirement to achieve. If the device was assembled, there must be a way to disassemble it (if only for repair). Tamper-evident seals could help, but only with skilled and patient examiners, so not everyday customers.

Short of connecting the tamper-detection circuits to an explosive charge, I can’t think of a robust way to let customers, without any special equipment, detect whether a terminal has been tampered with.

In this particular case I assume the customer would notice that the terminal plays Tetris. However, the risk is that the software change would not change the appearance, just record the PINs.

There are no secret keys in a standard EMV terminal; the EMV protocols do not trust the terminal too much. The protocol is between the issuer and the card, and the secret keys used are also known only to them. There are no keys shared between the terminal and the acquirer. The terminal does store some public keys that are used for offline authentication; if they are erased and the software is intact, all transactions will either go online or be declined.

The major risk in this case is stealing PINs, the minor risk allowing a few off-line transactions with limited total value.

In the short term terminal sabotage is all about PIN theft (in the long term there’s other stuff that can be done, relay attacks et al.). To steal a PIN, the customer must first surrender it.

Customers of banking systems are expected to be willing to enter their PIN into pretty much any device, so long as it is solicited by an authority figure associated with payments. In practice this means a variety of people: the bank as represented by their customer services agents on the phone line, the merchant, the bank’s advertising campaign, the till attendant at Tesco’s, all of the above.

While it is fortunately the case that most people are educated not to surrender their PIN to another human directly, currently the customer has little feel for what electronic devices are permissible, and in what state of repair these devices should be.

This means that the customer will always be at risk due to lack of cultural awareness about protecting PINs, and the underlying flux in payment schemes will keep it this way for the foreseeable future.

So whatever the state of tamper-resistance and tamper-evidence for real terminals, and regardless of whether or not the terminal that Steven and Saar modified was originally compliant, the fundamental problem remains, and it can’t be magicked away.

It’s not time to start blaming anyone, we just have to recognise that rolling out global password-based (i.e. PINs) authentication for payments, and carving a niche which does not have adverse interactions with other environments requiring authentication is damn hard!

This is not true everywhere: in some countries there are keys in the terminal, at least for online message encryption and online PIN encryption.
So when the terminal detects an attack, it should delete the keys and stop working.

The merchant should be responsible (liable) that the original terminal has not changed, stolen, etc. in the same way the cardholder must take care of the Pin.

I don’t understand why the PIN system isn’t two-way, i.e. a PIN from the bank to you to prove that the terminal is authentic, and a PIN from you to the bank to prove you are the owner (or at least someone who knows the PIN).

So for example every card could have a number associated with it which is not contained in the card itself, but once the card id is sent to the bank, a number is retrieved which is displayed on the terminals screen and which the card holder can use to verify the terminal is working correctly. The card holder can then enter his PIN to validate the transaction.

Then again, how many people are going to remember two PINs and therefore simply always accept regardless of the number presented? Considering the number of people who keep their PIN either in their wallet or on their mobile phone, I’d say a very select few…

With a phone keypad, a card swipe, an LCD, and a fancy case, you could build something most people wouldn’t think twice before trusting! Think of all the ATMs out there that people blindly trust. Anyway, just the fact that it’s playing Tetris is cool!

Does not work 😉 Since the hardware is under complete control by the tetris-team, they could make the panel glow green as much as they like.

Instead just use basic crypto theorems: The bank must authenticate itself by showing it knows a certain secret key. So only insert your PIN if the device shows you some string or number you know. The hacker will not know this number and cannot display it. You’d have to remember two PINs then, but that’s ok I think.

Rig up fake PIN reader.
Swipe the card in the till like they do in Tesco.
Get the customer to enter the PIN.
Have another working PIN reader rigged up under the desk that just re-enters the PIN number so that the transaction goes through.
Profit.

This reader is clearly physically modified. There is a big opening just above the screen where it has been cut open. People, don’t stick your cards in or enter your PIN into a reader that has obvious damage done to it.

I’m not sure what is so impressive about this anyhow. I have a Schlumberger (now Gemalto) Magic 6000 reader on my desk, and we’ve got a dev kit for it. They are not hard to get. Anybody that wanted to could buy one, put whatever code they care to write on it, and then replace a real reader with it. That would be easier than whatever hacksaw method these guys used.

As has been mentioned earlier the damage that can be done in such a situation is limited because of the EMV protocol.

What a load of bull. If I put Mac hardware in a typical Intel PC casing I can also say I cracked the Intel platform to act as a Mac. And how difficult will it be for a crook to open a terminal, extract the hardware, add additional hardware like keyloggers and put everything nicely back together in a new casing that looks exactly the same? Just think 3D printers and general casing parts that you can get over the Internet. And which customer is able to say that a casing is really the original and not some fake? If it just looks alike anybody will still enter their PIN on this fake. And if the clerk at the checkout is the crook they simply say ‘Ohhhh the original terminal was broken and we got this new model’
But as long as these wannabe researchers could waste money and time on something obvious………….

If one person can produce something another person can fake it. This is a fact and nothing we need to waste research money and time on. But it seems the IQ of our researchers reaches freezing point and logic doesn’t play a part in research anymore.

Ok – that one is sheer genius. I’ve seen cards with thumbprint readers, but that struck me as expensive. A card with a keypad is similarly expensive, but imposes very heavily on terminal design.

But just a green LED? Very cool! Suggestion — the LED could even be ‘on chip’ under the contact pad, with a fiber optic in the card to lead to the edges (more than one) so that the card does not need too much embedded electronics.

It’s still not perfect — it’s still possible to hack the terminal to record keystrokes (PINs) during a live transaction. But this is much, much harder, because now PINs will only be entered *when the bank requests it*. Wholesale replacement of the guts will prevent cards from working properly.

The tougher part would be changing the standards to insist on online operation. Here in Canada, all debit cards are stripe only, but they are always on-line, always PIN, never signature. Dialup terminals would still be a tough one, but the increasing use of network connected terminals would work well with your idea.

[…]Steven Murdoch and Saar Drimer of Cambridge University demonstrated that, by modification of internal hardware, a chip & PIN terminal could be converted for illegitimate use, while still appearing legitimate to users. Steven and Saar made a terminal play Tetris to demonstrate, as on this YouTube video.[…]

There is a trick that was actually used in eastern Europe. The real card reader has a small raised frame attached over the slot where the card goes. This contains a data reader. The pins of the card can be tapped here, and the data relayed to the real connectors. The keypad has a small CMOS video camera attached to the lower portion of the keypad with another small plastic frame. The keys that are pressed can be calculated with simple image processing software (the same used for projected keyboards). This allows the attacker to get the PIN, complete the legal transaction and pretty much do anything with the card (after or before the real transaction). The only sign of this hack would be that the reader gets bulkier, but when the new plastic matches the original it can be regarded as a design feature. This device can be removed from the reader without any trace.

“The bank must authenticate itself by showing it knows a certain secret key. […] The hacker will not know this number and cannot display it. You’d have to remember two PINs then, but that’s ok I think.”

The name of the owner is on the chip and can be read out and displayed on the LCD screen without contacting the bank. If you look closely at the video, you’ll see a reference to “Dr. Falken”. In fact, our scheme reads the name of the owner off the card and displays it instead. We decided not to show any legitimate cards or owners’ name so not to infringe on anyone’s rights (logos, etc.) or privacy so we used a blank card instead. That’s why we also covered the manufacturer’s logo and model number.

Well this obviously shows that it could be a threat to the whole security side of chip and PIN. For a start, the UK Government and banks were very stupid for implementing the cheaper, less secure version of the chip and PIN scheme. Take France for instance, most of the banks and retail outlets offer the highest security possible.

Another thing is that the public seem to think chip and PIN is a relatively new technology – it isn’t! Regarding France again, the system has been in place for years. Another failing of the UK. I don’t know why we Brits cope with our country.

Good to know that what looks like a big cut above the screen is tape. Of course since it probably says either Schlumberger or Axalto, neither of which is the current brand name I’m guessing that the value of the tape is minimal.

My point is that these devices are not hard to obtain and program in any way that you want. It is probably harder to do what is demonstrated here than to simply buy a terminal and program it. If you are going to do this you are only a step away from hacking up your own box with a card reader and PIN pad and grabbing CC#s and PINs with that. Again, the exposure is somewhat limited.

I’m not sure whether this has been thought of but public key encryption (or similar) could be used. Combined with the glowing green thing this would not prevent a video camera or keylogger recording the pin but at least the only way to _use_ the pin would be to steal the physical card.

This is simplified by the card only needing to know one bank’s public key, and the bank can know every card’s public key.

The green light would of course only switch on when the bank sends an encrypted “switch green light on now” message (which the card can decrypt). The user can then enter their pin (which can still be logged of course).

I would also propose that the bank also challenges the card based on the date/time of transaction or sequence number so that a naughty vendor’s reader can’t just replay the conversation between card and bank multiple times.
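The bank-authenticated indicator and the replay protection proposed in the comment above, as an added worked example in Python. It is not part of the original post, nor of any real card scheme. The comment proposes public-key encryption between bank and card; this model substitutes a card-unique symmetric key (CARD_KEY, a constructed placeholder) and an HMAC so that it runs with the standard library alone, and replaces the date/time or sequence number with a card-generated nonce. The class and function names are mine.

```python
import hashlib
import hmac
import secrets

# Constructed card-unique key, known to the card and the issuing bank only.
# The terminal, genuine or fake, never holds it.  Placeholder value.
CARD_KEY = bytes.fromhex("8f1c2a6e4d0b7c9aa3e5f6011223344556677889")


def _light_on_message(nonce: bytes, amount: int) -> bytes:
    """Message the bank authenticates: purpose, card nonce, amount in pence."""
    return b"LIGHT_ON|" + nonce + b"|" + amount.to_bytes(4, "big")


class Card:
    """Chip with an indicator LED.  Lights only on a valid bank reply."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._nonce = None   # nonce of the transaction in progress, if any
        self.light = False

    def begin(self) -> bytes:
        # Fresh nonce per transaction (the comment's date/time or sequence
        # number, done with randomness): the bank's reply must be bound to it.
        self._nonce = secrets.token_bytes(16)
        self.light = False
        return self._nonce

    def receive(self, amount: int, tag: bytes) -> bool:
        """Terminal passes the amount it is asking for and the bank's tag."""
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, _light_on_message(self._nonce, amount),
                            hashlib.sha256).digest()
        self._nonce = None   # one reply per nonce: a second use is rejected
        self.light = hmac.compare_digest(expected, tag)
        return self.light


class Bank:
    """Issuer side: authorises a nonce/amount pair with the shared key."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def approve(self, nonce: bytes, amount: int) -> bytes:
        return hmac.new(self._key, _light_on_message(nonce, amount),
                        hashlib.sha256).digest()


def genuine_terminal(card: Card, bank: Bank, amount: int) -> bool:
    """Honest terminal relays the nonce up and the tag down unchanged."""
    nonce = card.begin()
    return card.receive(amount, bank.approve(nonce, amount))


def fake_terminal_forges(card: Card, amount: int) -> bool:
    """Replaced innards, no key: the best it can do is guess a tag."""
    card.begin()
    return card.receive(amount, secrets.token_bytes(32))


def fake_terminal_replays(card: Card, bank: Bank, amount: int) -> bool:
    """Records one genuine approval, then replays it in a new transaction."""
    nonce = card.begin()
    captured = bank.approve(nonce, amount)
    card.receive(amount, captured)          # genuine use, light comes on
    card.begin()                            # new transaction, new nonce
    return card.receive(amount, captured)   # replay: tag no longer matches


def fake_terminal_changes_amount(card: Card, bank: Bank) -> bool:
    """Gets the bank to approve a small amount, tells the card a large one."""
    nonce = card.begin()
    tag = bank.approve(nonce, 100)          # bank authorises 1.00
    return card.receive(100_000, tag)       # card is told 1000.00: mismatch
```

The card, not the terminal, decides whether the light comes on, and it only does so for a reply bound to the nonce it issued and to the amount it was told. A terminal with replaced innards cannot forge that reply, replay an old one, or quietly change the amount; as the comment notes, a keylogger in the same terminal can still capture the PIN typed afterwards.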

It’s also easy to reconfigure most pinpads like at McDonald’s, Big W, Safeway etc. (AUS) just by pressing the keys (FUNCTION) (F) (FUNC)
and keying in 3824 for maintenance or 7410 for configuration can really fuck them over

Presumably from the user’s point of view the best thing to do is always to enter a false PIN when first prompted, and only enter the right one if that gets rejected?

Until that practice gets widely used; then presumably the fraudsters would always reject the first PIN entered. But it should help in the short term.

As others have suggested, a better long-term solution would be for the terminal to have to display some fact that the bank knows, but which isn’t stored on the card, such as the user’s middle name, or the first line of the address, or date of birth. But I suppose that brings new risks into play…

Presumably from the user’s point of view the best thing to do is always to enter a false PIN when first prompted, and only enter the right one if that gets rejected?

The system automatically locks the card if the pin is entered incorrectly 3 times, even in different locations and at different times, so you would have to go to your bank machine and unlock your card again every 3 times you did this.

I think you’ll find that’s only if you enter the wrong number 3 times in a row – any correct entry resets the counter. I’m sure that I’ve entered my PIN incorrectly many more than 3 times over the last year, and never had a locked card yet. I agree that doing this once deliberately increases the risk of getting the card locked, but it decreases the risk of being fooled by a hacked terminal.

I have an even better idea. How about, instead of using a PIN which can be snarfed, have the user perform some physical gesture which cannot be replicated electronically? Signing their name on a piece of paper, for instance. A human being would be needed to verify the signature against a sample, but since there is normally a person operating the till, they could do the job. The sample could even be on the card itself, since it doesn’t actually contain all the information needed to replicate it. Anyone who hasn’t had as much practice signing that name as its real owner will take too long and make awkward pauses (learning to forge a signature convincingly takes at least an hour even for an experienced person, and during this time the cardholder might well notice and report the loss). A trained till operator could manually flag suspicious transactions if the signature differs significantly from the sample or if the signer appears ill-at-ease.

The more troublesome machines are those that also have a magnetic stripe reader, so as well as having the PIN they have a record of the stripe. This is presumably enough information to do a good job of cloning the card. How many places could such a forged card be used? These will be devices that use the stripe and not the chip?

I asked the bank about this, and they said not to worry.

I’d prefer if all machines that read the strip as well are removed from service and customers told to refuse to use them. I believe we’re not meant to hand over the cards either, but a number of shops expect this so that the card can be placed into a reader attached to the checkout operator’s screen. The lack of standardisation of the procedure is a real problem. The customer is often expected to do things that are not secure.

WTF didn’t they use public key for the chip part of the “chip and pin”

This does exist in the EMV specification, known as dynamic data authentication (DDA). However, the UK banks went for the cheaper static data authentication (SDA) which only uses symmetric cryptography. This can still verify the authenticity of a card for the 80% of transactions which are online, but the real problem is the banks kept on accepting magnetic stripe cards in ATMs.

What we helped two sets of journalists do was to take their own Chip & PIN card then copy the magstripe onto a card with no chip. Helpfully, the banks store a copy of the magnetic strip on the chip for backwards compatibility, but magstripe readers are cheap. Using the correct PIN, this card successfully withdrew cash from the first ATM they tried.

One possibility is that ATMs will conclude that a card without a readable chip is just damaged so they will fallback to magstripe. Another is that many don’t have chip readers in them at all.

I’d prefer if all machines that read the strip as well are removed from service and customers told to refuse to use them.

I agree with you in principle, but for backwards compatibility the UK banks (at least) have chosen to store all the magstripe details on the chip. We even tested this in practice, by taking the magstripe details off the chip and writing them onto a blank card without a chip. The resulting card worked in the first ATM the cardholder tried.
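The clone experiment described in the reply above, as an added worked example in Python that is not part of the original post and models no real issuer’s system. It contrasts what a rogue reader can copy off a chip (the static records, including the track-2-style data) with what it cannot (the card-unique key behind the online cryptogram), and shows why the copy works wherever a machine falls back to the stripe but not where a chip cryptogram is demanded. The sample PAN and Track 2 string are constructed, all class and function names are mine, and the MAC construction is a simplification rather than EMV’s.

```python
import hashlib
import hmac
import secrets

# Constructed sample card: a test PAN and a made-up Track 2 string
# (PAN, separator, expiry YYMM, service code, discretionary data), the
# same fields a chip carries as "track 2 equivalent data".
SAMPLE_PAN = "4111111111111111"
SAMPLE_TRACK2 = SAMPLE_PAN + "=2712" + "101" + "5432100000"


def _mac(key: bytes, pan: str, unpredictable_number: bytes, amount: int) -> bytes:
    """Simplified online cryptogram: MAC over PAN, terminal nonce and amount."""
    data = pan.encode() + unpredictable_number + amount.to_bytes(4, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


class Chip:
    """Readable records plus a key that is only ever used, never output."""

    def __init__(self, records: dict, key: bytes) -> None:
        self.records = records          # any reader can dump these
        self._key = key                 # never leaves the chip

    def cryptogram(self, unpredictable_number: bytes, amount: int) -> bytes:
        return _mac(self._key, self.records["pan"], unpredictable_number, amount)


class Issuer:
    """Bank side: keeps the per-card keys and recomputes cryptograms online."""

    def __init__(self) -> None:
        self._keys = {}

    def issue(self, pan: str, track2: str) -> Chip:
        key = secrets.token_bytes(16)
        self._keys[pan] = key
        return Chip({"pan": pan, "track2": track2}, key)

    def verify(self, pan: str, unpredictable_number: bytes, amount: int,
               cryptogram: bytes) -> bool:
        key = self._keys.get(pan)
        if key is None:
            return False
        return hmac.compare_digest(_mac(key, pan, unpredictable_number, amount),
                                   cryptogram)


def copy_onto_magstripe(chip: Chip) -> dict:
    """What a rogue reader ends up with: the readable records on a chipless card."""
    return {"track2": chip.records["track2"]}


def forged_chip(chip: Chip) -> Chip:
    """Same readable records on a new chip, but the key has to be guessed."""
    return Chip(dict(chip.records), secrets.token_bytes(16))


def online_chip_transaction(issuer: Issuer, chip: Chip, amount: int) -> bool:
    unpredictable_number = secrets.token_bytes(4)
    return issuer.verify(chip.records["pan"], unpredictable_number, amount,
                         chip.cryptogram(unpredictable_number, amount))


def magstripe_transaction(track2: str) -> bool:
    """A stripe-only machine can check the track format (and the PIN it was
    given), but there is no cryptogram for it to check."""
    pan, sep, rest = track2.partition("=")
    return sep == "=" and pan.isdigit() and 13 <= len(pan) <= 19 and len(rest) >= 7


def atm_with_fallback(issuer: Issuer, card, amount: int) -> bool:
    """Treats a card with no readable chip as damaged and uses the stripe."""
    if isinstance(card, Chip):
        return online_chip_transaction(issuer, card, amount)
    return magstripe_transaction(card["track2"])


def atm_chip_only(issuer: Issuer, card, amount: int) -> bool:
    """Refuses anything that cannot produce a valid cryptogram."""
    return isinstance(card, Chip) and online_chip_transaction(issuer, card, amount)
```

Run against the constructed card, the stripe copy passes at the fallback ATM and fails at the chip-only one; a forged chip with the right records but a guessed key fails everywhere a cryptogram is checked. The reply’s point follows directly: as long as a machine will accept the stripe alone, copying the chip’s readable records is enough.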

You can monitor the keypresses by hooking two wires to each contact for each key, run this to a keylogger… (you could slit open the big curly wire coming off these things and place the wires in there) then you have a second chip reader mounted the other side of the main chip reader that will merely dump the chip data to an external source… hell, I’m sure you could build an SD slot into the thing…
Easy, non-intrusive way of getting the data… no modification to the internal hardware… bank transactions still work….

all it would take is the ability to open one of these things without messing up the relay to the bank

The card sends a random string to the bank, encrypted with a keyA that both bank and card know.

The bank decrypts that string, then adds some random characters (and stores the characters at the bank temporarily for the transaction), encrypts it once with a keyB that only the bank knows, and then with a keyC that both bank and card know.
Then sends it to the card.

The card then decrypts one step with keyC, then adds the amount of the purchase to the string, and then encrypts this string with another keyD stored on the card, which both the bank and card know. Then it sends this string to the bank.

All keys should be customer-unique, even the key that is only stored at the bank side.
….

The card knows that the “bank” the card is communicating with is genuine, because if the “bank” was fake (because someone tampered with the terminal), the “bank” would not be able to decrypt the string, and then the authentication would fail at the real bank, because the card needs to derive authentication data from the decrypted string it sent to the bank (as the bank added some characters).

The bank verifies the challenge sent to the bank.

And if the card was fake, it would not be able to encrypt the string sent to the bank, as it doesn’t have the keyA. It would further not be able to decrypt with keyC and encrypt with keyD, as these are unavailable to the hacker.

And the amount cannot be tampered with because the amount is encrypted into the string sent to the bank.

It should be easier to block the card. Maybe arrange it so that you store a bright red “blockcard” in a safe place (and you can fetch any number of these paper cards at any time at the bank, if you need blockcards in multiple places).
(And you should of course be able to block the card via telephone as it is today.)

Inserting the blockcard in an ATM should immediately block the original card.

Adding all these security measures means that a PIN is no longer needed, because the card cannot be duplicated, and if you do not possess the card and cannot find it, that means it has been stolen and you can call and block the card, or go to the nearest ATM and insert the blockcard.

Does the demonstration really tell us anything profound? It certainly underscores the need for secure terminals and environments, and the risks of merchant corruption and collusion. But we knew that already.

Someone said: “It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PIN.”

That’s an oversimplification isn’t it? A compromised terminal that doesn’t talk to the backend anymore will behave rather strangely. I doubt that you could trick more than a handful of punters before the alarm was raised.

Does the demonstration really tell us anything profound? It certainly underscores the need for secure terminals

It was intended as a nice demonstration that the security of Chip & PIN relies on customers being able to detect a tampered terminal. It also shows that building a terminal that meets this requirement is not feasible. Neither fact is profound, and neither should come as a surprise to the industry, but without a demonstration it can be difficult to express that to the wider public.

A compromised terminal that doesn’t talk to the backend anymore will behave rather strangely.

Why should it? The fraudster has complete control over the terminal and can make it behave however he or she chooses. Even if the fraudster doesn’t have a terminal they can observe at leisure, a mobile phone camera could subtly record the desired behavior.

“The fraudster has complete control over the terminal and can make it behave however he or she chooses”

Including sending valid responses/cryptograms/etc. via its API to the EPOS system so the retailer gets paid by their acquirer? That’s what will be harder to do if the anti-tamper does its job (like it seemingly didn’t at Shell) and makes a compromise only of long-term value if the shop environment is totally compromised, not just one or two rogue employees (i.e. if it doesn’t matter if they don’t get paid for the goods: the only point is the harvesting of card details).

Including sending valid responses/cryptograms/etc. via its API to the EPOS system so the retailer gets paid by their acquirer?

No our one doesn’t, but I think the question was about the customer experience, not the merchant.

However, this assumes there is an integrated EPOS system. In several places I have been, there is no connection between the till and the Chip & PIN terminal. So if the terminal is replaced, the merchant will not notice (until he sees his account statement).

Tamper evidence/tamper proofing/tamper resistance etc. are irrelevant in this experiment. Checking with PIN pad and terminal vendors and their processes is also irrelevant. Accounting forensics to trace transactions is also irrelevant. Think about it like this – take this fake device to a market or street fair. Start selling some fad, gadget or novelty and accept card payment for it. Customer puts in card details and gets goods and leaves content. The “merchant” now has their card details including PIN. It was never sent to a bank for processing (hence no transactional trail). This merchant then disappears and sets up the same scam somewhere else. The flaw is that PIN only validates the cardholder – it doesn’t validate the device. We’re so used to thinking of fraud being perpetrated by cardholders we’re forgetting the fraud is increasingly being perpetrated via dodgy merchants. The fake terminal doesn’t even have to look like a genuine vendor’s device. Cardholders cannot be expected to be aware of every model and vendor device in the market – there is an inherent trust that any device must be a genuine device. Hence why tamper resistance and evidence etc. are irrelevant in this circumstance – you could mock up an iPod with a card reader and keypad and I am sure you’d get cardholders to enter the card and PIN. Device validation must be addressed.

Interesting discussion. As a veteran of the debate I’d like to add to the discussion.
On the compliance side, the following are what I know everyone globally is supposed to certify their electronic payment devices to.

EMV level 1 and 2 should deal with making sure the device does what EMV says it should.

PCI PED defines tamper resistance and other security features designed to protect the integrity of a PIN transaction.

Then there is PCI DSS dealing with things like encryption, password, firewalls and confidentiality.

But none of these address, as so aptly described by Lindsay Johnson | May 25th, 2007 at 00:48 UTC, the real issue.

When we designed EMV we once spoke of implementing a method for terminal authentication. In the end we excluded such a concept from EMV. Others have piloted schemes that support terminal authentication but acquirers resist given the cost and complexity of deploying such solutions.

The bottom line question is how the consumer is to know that the machine is a fake.

Why not use the mobile phone as the secure device and, since it is the consumer that is paying, let him be responsible for knowing that his device has not been tampered with, so that the stuff the bank put inside is still OK. From a risk perspective we will have to deal with the issue of lost and stolen phones. We could implement biometrics as a security device on the phone, even voice recognition, or accept PIN for now. And frankly I’d love to think much more about this; if anyone is interested please reach out. +1 416 628 513

Yes, I’ve also been thinking about using a phone in Chip and PIN transactions. The key idea is to allow the cardholder to see the transaction they are about to authorize, on a device controlled by them – their phone. In the current EMV system the smartcard doesn’t have a display and the terminal is potentially compromised. The open question is how to get transaction information from the bank to the phone, without harming usability.

Since I work for them, I obviously like the Cronto system. As all standard phones come with cameras, the encrypted and authenticated transaction can be encoded in a 2D-barcode. This achieves both mutual authentication and transaction authorization. So far this has been targeted at online transactions, but should work at POS too.

Another option is two-channel, such as sending the transaction in a SMS. This is also targeted at online transactions, but at POS the dependence on mobile phone signal and prompt SMS delivery could be a hindrance. Masabi have a good summary of various two-factor authentication systems, including their two-channel proposal.

Once phones eventually come with NFC capability, this could be used for POS transactions too. It is currently being trialled.

A POS terminal, like many others, is just a small computer you can program to do anything you want with the hardware it has, playing Tetris for instance, so there is nothing amazing about this.
Of course, you can also make a more complex program to steal the card info and do whatever you like with the stolen data.
In the end, no matter the security, the cardholder should use an extra feature called “common sense” to avoid fake terminals and suspicious sites.

A POS terminal, like many others, is just a small computer you can program to do anything you want with the hardware it has, playing Tetris for instance, so there is nothing amazing about this.

Indeed, this is technically unamazing. It is amazing, however, that a device designed to protect our money fails in this way.

In the end, no matter the security, the cardholder should use an extra feature called “common sense” to avoid fake terminals and suspicious sites.

Common sense should not play into this (your common sense is different than mine and anyone else’s, I am sure). In order to detect a fake terminal you need to be a trained professional and know exactly what to look for. Are you suggesting training all cardholders? Are you suggesting furthering the liability onto customers for the detection of tampering? This liability should be with the banks because only they can do something to improve the security.

I have personally seen several terminals glued with tape onto a mounting plate (one at Marks and Spencer; I’ve taken pictures), and others that are either old or have stickers and holes on them. Except me, I wonder how many people used the “common sense” you suggest and have refused to use those. But doing what I do, I notice these things though I can’t expect everyone else to.

They have to insert another chip (SIM) into a payment terminal and have it connect by Bluetooth to a laptop, and that way when a customer pays with their card they receive all the credit card data and even the secret code!!!
Do you know the equipment they were able to use?

Haha this is a brilliant and very lighthearted way of showing the problems of our everyday technology that is trusted. I think this kind of thing is actually really important to alert people, although the tamper resistance would mean that your card couldn’t be used to directly go through to the bank – criminals could still get your card details and use them at a later date. Important lesson taught in a funny way – go these guys!

This is brilliant! I didn’t realise they were so easily manipulated? Pretty worrying that I’d have no clue if one had been compromised or not. Isn’t there an electrical version of Tamper Evident Tape that would show unknowing customers whether something was up?